Safetech Innovations becomes a cybersecurity auditor

Safetech Innovations, a Romanian cybersecurity company listed on the AeRO market of the Bucharest Stock Exchange, receives the cybersecurity auditor accreditation for essential operators, based on Law 362/2018 on ensuring a high common level of security of networks and information systems, from the National Centre of Response to Cybersecurity Incidents (CERT-RO), the competent national authority for the network and information systems security. Following the accreditation, the management estimates the significant increase of revenues on the business line related to audit and information security risk assessments.

“The implementation of Law 362/2018 measures by public and private companies in Romania targets the protection of critical and digital infrastructures and ensuring systems that are fundamental for society. As of August 26, 2021, Safetech Innovations and ten company employees are certified as cybersecurity auditors for three years. We estimate that this activity will have a significant share in the company’s revenues in the coming years. Operators who do not comply with the obligations imposed by the national legislation transposing the NIS Directive may be fined with up to 5% of their turnover. However, the fine is not the most important aspect for an essential operator to consider. The lack of adequate security measures and, implicitly, the threat of an imminent cyberattack can lead to much greater losses, both at the financial and reputational level. The cybersecurity audit is the first step that companies that want to protect their business against any threats to their networks and information systems should take,” said Victor Gansac, CEO of Safetech Innovations.

Directive (EU) 2016/1148 of the European Parliament and of the Council, approved in 2016 and known as NIS, was adopted in Romania by Law no. 362/2018. The objective of the NIS Directive is to ensure a high common level of security of network and information systems within the European Union. Companies that operate essential services for the population – from energy, transport, banking, financial market, health, drinking water supply and distribution, digital infrastructure – as well as those that provide digital services and solutions – cloud service providers, search engines and online markets, are required to develop and implement more advanced solutions to ensure their cybersecurity and to work with public authorities for a potential common response to cyberattacks.

Following the receiving of the accreditation from CERT-RO, Safetech Innovations is among the few companies in Romania eligible to perform all types of cybersecurity security audits – special, common and general for essential service operators that have not fulfilled their obligation to perform a self-assessment of their security of network and information systems and to notify CERT-RO. Depending on the company’s size, an audit takes at least 30 days, and aspects such as security governance, protection of networks and information systems, cyber defence, and resilience of services are verified.

In December 2020, the European Union Agency for Cybersecurity (ENISA) published a report on investments made from a NIS perspective at the EU level. Following an analysis in five Member States, the level of adoption of the NIS Directive was 70.6% in Germany, 66.7% in France, 64% in Italy, 48% in Spain, and 42.9% in Poland. In Romania, the technical norms of Law 362/2018 were published in November 2020.

Although the technical norms of the NIS Directive were recently adopted in Romania, at the level of the European Union a revised NIS Directive is being debated to replace the existing one. NIS2 is designed to respond to new developments in information security and takes into account the digital transformation of society, which has been accelerated by the crisis caused by the COVID-19 pandemic. The new rules will strengthen security obligations for businesses, address the security of supply chains, introduce stricter surveillance measures for national authorities and further intensify information exchange and cooperation. The NIS2 Directive is currently under discussion at the European Council level.